Microsoft's Education site suffered from a cross site scripting vulnerability.
3924fce5c180dbeb4453ed70ff1611bb77caeca4ddb4adc2e2eb8fd1dcfb8e8f
A vulnerability allowed remote attackers to determine which specific Facebook user ID is linked with a mobile phone number without secure approval. The vulnerability is located in the ctx and recover lwv parameters and /login/identify modules.
1f368fb681cb0f83b994a4f076b47f93bf100cc10af4af529935449d736dd571